diff options
| author | MadMaurice <madmaurice@zom.bi> | 2020-08-11 23:43:02 +0300 |
|---|---|---|
| committer | MadMaurice <madmaurice@zom.bi> | 2020-08-12 00:06:25 +0300 |
| commit | b47e309f3113a3c147070d42e27a2d96ecffb6b8 (patch) | |
| tree | 17ff0203dd8804cc5c176069b2dc1d2f2cb1ca69 | |
| parent | 62c4523bc18849083f616989e9965265dd0e8f26 (diff) | |
FIX(certificate): Retrieve QSslConfiguration after setting CA
Commit bdb12c6 added a regression for servers built with QT older than version
5.15. After this commit these servers do not serve intermediate certificates
anymore. This happens because the QSslConfiguration is retrieved before adding
the CA certificates to the socket and is reinserted into the socket again after
adding the CA certificates, thereby overwriting the CA certificates added in
between.
This commit fixes that by retrieving the QSslConfiguration just after setting
the CA certificates in case an older QT version than 5.15 is used.
| -rw-r--r-- | src/murmur/Server.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp index 22a150b62..9b76709bf 100644 --- a/src/murmur/Server.cpp +++ b/src/murmur/Server.cpp @@ -1373,8 +1373,9 @@ void Server::newClient() { sock->setPrivateKey(qskKey); sock->setLocalCertificate(qscCert); - QSslConfiguration config = sock->sslConfiguration(); + QSslConfiguration config; #if QT_VERSION >= QT_VERSION_CHECK(5,15,0) + config = sock->sslConfiguration(); // Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket // Treat the leaf certificate as a root. @@ -1406,6 +1407,9 @@ void Server::newClient() { // Add intermediate CAs found in the PEM // bundle used for this server's certificate. sock->addCaCertificates(qlIntermediates); + + // Must not get config from socket before setting CA certificates + config = sock->sslConfiguration(); #endif config.setCiphers(Meta::mp.qlCiphers); |